skill-evolver

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted execution traces and user feedback to automatically modify other skill files. This could allow malicious input to influence code generation or instruction updates.
      1. Ingestion points: traces.json (Traces) and user-written feedback.
      2. Boundary markers: Absent; no instructions are provided to the agent to ignore or delimit embedded instructions within the ingested data.
      3. Capability inventory: The agent is authorized to modify SKILL.md, scripts/, and references/ files.
      4. Sanitization: Absent; the skill does not implement validation or filtering of the external content before interpolation.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/analyze_traces.py and scripts/extract_issue_context.py) to analyze skill execution logs. This is standard functionality for the skill's purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 04:40 PM